robosats/api/views.py

1088 lines
43 KiB
Python
Raw Normal View History

from django.db.models import Sum, Q
from drf_spectacular.utils import extend_schema
2022-01-06 21:36:22 +00:00
from rest_framework import status, viewsets
from rest_framework.generics import CreateAPIView, ListAPIView, UpdateAPIView
from rest_framework.views import APIView
from rest_framework.response import Response
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.models import User
2022-10-20 09:56:10 +00:00
from api.oas_schemas import (
BookViewSchema,
HistoricalViewSchema,
InfoViewSchema,
LimitViewSchema,
MakerViewSchema,
OrderViewSchema,
PriceViewSchema,
RewardViewSchema,
StealthViewSchema,
TickViewSchema,
UserViewSchema,
)
from chat.views import ChatView
2022-10-20 09:56:10 +00:00
from api.serializers import (
InfoSerializer,
ListOrderSerializer,
MakeOrderSerializer,
OrderPublicSerializer,
UpdateOrderSerializer,
ClaimRewardSerializer,
PriceSerializer,
UserGenSerializer,
TickSerializer,
StealthSerializer,
)
2022-06-16 15:31:30 +00:00
from api.models import LNPayment, MarketTick, OnchainPayment, Order, Currency, Profile
from control.models import AccountingDay, BalanceLog
from api.logics import Logics
from api.messages import Telegram
from secrets import token_urlsafe
2022-10-20 09:56:10 +00:00
from api.utils import (
get_lnd_version,
get_robosats_commit,
get_robosats_version,
compute_premium_percentile,
compute_avg_premium,
)
2022-01-01 22:13:27 +00:00
from .nick_generator.nick_generator import NickGenerator
from robohash import Robohash
from scipy.stats import entropy
from math import log2
import hashlib
from pathlib import Path
from datetime import timedelta, datetime
from django.utils import timezone
2022-02-12 15:46:58 +00:00
from django.conf import settings
2022-01-06 16:54:37 +00:00
from decouple import config
2022-02-17 19:50:10 +00:00
EXP_MAKER_BOND_INVOICE = int(config("EXP_MAKER_BOND_INVOICE"))
RETRY_TIME = int(config("RETRY_TIME"))
2022-10-20 09:56:10 +00:00
PUBLIC_DURATION = 60 * 60 * int(config("DEFAULT_PUBLIC_ORDER_DURATION")) - 1
ESCROW_DURATION = 60 * int(config("INVOICE_AND_ESCROW_DURATION"))
2022-03-18 22:09:38 +00:00
BOND_SIZE = int(config("DEFAULT_BOND_SIZE"))
2022-02-07 13:37:16 +00:00
2022-02-12 15:46:58 +00:00
avatar_path = Path(settings.AVATAR_ROOT)
avatar_path.mkdir(parents=True, exist_ok=True)
2022-01-01 22:13:27 +00:00
# Create your views here.
2022-02-17 19:50:10 +00:00
class MakerView(CreateAPIView):
2022-02-17 19:50:10 +00:00
serializer_class = MakeOrderSerializer
@extend_schema(**MakerViewSchema.post)
2022-02-17 19:50:10 +00:00
def post(self, request):
serializer = self.serializer_class(data=request.data)
if not request.user.is_authenticated:
2022-02-17 19:50:10 +00:00
return Response(
2022-10-20 09:56:10 +00:00
{"bad_request": "Woops! It seems you do not have a robot avatar"},
2022-02-17 19:50:10 +00:00
status.HTTP_400_BAD_REQUEST,
)
if not serializer.is_valid():
return Response(status=status.HTTP_400_BAD_REQUEST)
2022-02-25 20:08:22 +00:00
# In case it gets overwhelming. Limit the number of public orders.
2022-10-20 09:56:10 +00:00
if Order.objects.filter(status=Order.Status.PUB).count() >= int(
config("MAX_PUBLIC_ORDERS")
):
2022-02-25 20:08:22 +00:00
return Response(
{
2022-10-20 09:56:10 +00:00
"bad_request": "Woah! RoboSats' book is at full capacity! Try again later"
2022-02-25 20:08:22 +00:00
},
status.HTTP_400_BAD_REQUEST,
)
# Only allow users who are not already engaged in an order
valid, context, _ = Logics.validate_already_maker_or_taker(request.user)
if not valid:
return Response(context, status.HTTP_409_CONFLICT)
2022-02-25 20:08:22 +00:00
2022-02-17 19:50:10 +00:00
type = serializer.data.get("type")
currency = serializer.data.get("currency")
amount = serializer.data.get("amount")
has_range = serializer.data.get("has_range")
min_amount = serializer.data.get("min_amount")
max_amount = serializer.data.get("max_amount")
2022-02-17 19:50:10 +00:00
payment_method = serializer.data.get("payment_method")
premium = serializer.data.get("premium")
satoshis = serializer.data.get("satoshis")
is_explicit = serializer.data.get("is_explicit")
2022-03-18 21:21:13 +00:00
public_duration = serializer.data.get("public_duration")
escrow_duration = serializer.data.get("escrow_duration")
2022-03-18 22:09:38 +00:00
bond_size = serializer.data.get("bond_size")
bondless_taker = serializer.data.get("bondless_taker")
2022-03-18 22:09:38 +00:00
# Optional params
2022-10-20 09:56:10 +00:00
if public_duration == None:
public_duration = PUBLIC_DURATION
if escrow_duration == None:
escrow_duration = ESCROW_DURATION
if bond_size == None:
bond_size = BOND_SIZE
if bondless_taker == None:
bondless_taker = False
if has_range == None:
has_range = False
# TODO add a check - if `is_explicit` is true then `satoshis` need to be specified
# An order can either have an amount or a range (min_amount and max_amount)
if has_range:
amount = None
else:
min_amount = None
max_amount = None
# Either amount or min_max has to be specified.
if has_range and (min_amount == None or max_amount == None):
return Response(
{
2022-10-20 09:56:10 +00:00
"bad_request": "You must specify min_amount and max_amount for a range order"
},
status.HTTP_400_BAD_REQUEST,
)
elif not has_range and amount == None:
return Response(
2022-10-20 09:56:10 +00:00
{"bad_request": "You must specify an order amount"},
status.HTTP_400_BAD_REQUEST,
)
2022-01-06 20:33:40 +00:00
# Creates a new order
order = Order(
type=type,
currency=Currency.objects.get(id=currency),
2022-01-06 20:33:40 +00:00
amount=amount,
has_range=has_range,
min_amount=min_amount,
max_amount=max_amount,
2022-01-06 20:33:40 +00:00
payment_method=payment_method,
premium=premium,
satoshis=satoshis,
is_explicit=is_explicit,
2022-10-20 09:56:10 +00:00
expires_at=timezone.now() + timedelta(seconds=EXP_MAKER_BOND_INVOICE),
2022-02-17 19:50:10 +00:00
maker=request.user,
2022-03-18 21:21:13 +00:00
public_duration=public_duration,
escrow_duration=escrow_duration,
2022-03-18 22:09:38 +00:00
bond_size=bond_size,
bondless_taker=bondless_taker,
2022-02-17 19:50:10 +00:00
)
2022-01-06 21:36:22 +00:00
order.last_satoshis = order.t0_satoshis = Logics.satoshis_now(order)
2022-01-06 20:33:40 +00:00
2022-01-06 21:36:22 +00:00
valid, context = Logics.validate_order_size(order)
2022-02-17 19:50:10 +00:00
if not valid:
return Response(context, status.HTTP_400_BAD_REQUEST)
2022-01-06 20:33:40 +00:00
order.save()
2022-10-20 09:56:10 +00:00
return Response(ListOrderSerializer(order).data, status=status.HTTP_201_CREATED)
class OrderView(viewsets.ViewSet):
2022-01-06 20:33:40 +00:00
serializer_class = UpdateOrderSerializer
2022-02-17 19:50:10 +00:00
lookup_url_kwarg = "order_id"
@extend_schema(**OrderViewSchema.get)
def get(self, request, format=None):
2022-02-17 19:50:10 +00:00
"""
Full trade pipeline takes place while looking/refreshing the order page.
2022-02-17 19:50:10 +00:00
"""
order_id = request.GET.get(self.lookup_url_kwarg)
2022-01-28 14:30:45 +00:00
if not request.user.is_authenticated:
2022-02-17 19:50:10 +00:00
return Response(
{
2022-10-20 09:56:10 +00:00
"bad_request": "You must have a robot avatar to see the order details"
2022-02-17 19:50:10 +00:00
},
status=status.HTTP_400_BAD_REQUEST,
)
2022-01-28 14:30:45 +00:00
if order_id == None:
2022-02-17 19:50:10 +00:00
return Response(
{"bad_request": "Order ID parameter not found in request"},
status=status.HTTP_400_BAD_REQUEST,
)
order = Order.objects.filter(id=order_id)
# check if exactly one order is found in the db
2022-02-17 19:50:10 +00:00
if len(order) != 1:
2022-10-20 09:56:10 +00:00
return Response(
{"bad_request": "Invalid Order Id"}, status.HTTP_404_NOT_FOUND
)
2022-02-17 19:50:10 +00:00
# This is our order.
order = order[0]
# 2) If order has been cancelled
if order.status == Order.Status.UCA:
2022-02-17 19:50:10 +00:00
return Response(
{"bad_request": "This order has been cancelled by the maker"},
status.HTTP_400_BAD_REQUEST,
)
if order.status == Order.Status.CCA:
2022-02-17 19:50:10 +00:00
return Response(
2022-10-20 09:56:10 +00:00
{"bad_request": "This order has been cancelled collaborativelly"},
2022-02-17 19:50:10 +00:00
status.HTTP_400_BAD_REQUEST,
)
data = ListOrderSerializer(order).data
2022-03-18 21:21:13 +00:00
data["total_secs_exp"] = order.t_to_expire(order.status)
# if user is under a limit (penalty), inform him.
2022-01-10 12:10:32 +00:00
is_penalized, time_out = Logics.is_penalized(request.user)
if is_penalized:
2022-02-17 19:50:10 +00:00
data["penalty"] = request.user.profile.penalty_expiration
2022-01-10 12:10:32 +00:00
# Add booleans if user is maker, taker, partipant, buyer or seller
2022-02-17 19:50:10 +00:00
data["is_maker"] = order.maker == request.user
data["is_taker"] = order.taker == request.user
data["is_participant"] = data["is_maker"] or data["is_taker"]
2022-01-14 12:00:53 +00:00
# 3.a) If not a participant and order is not public, forbid.
2022-02-17 19:50:10 +00:00
if not data["is_participant"] and order.status != Order.Status.PUB:
return Response(
{"bad_request": "This order is not available"},
2022-02-17 19:50:10 +00:00
status.HTTP_403_FORBIDDEN,
)
# WRITE Update last_seen for maker and taker.
# Note down that the taker/maker was here recently, so counterpart knows if the user is paying attention.
data["maker_nick"] = str(order.maker)
if order.maker == request.user:
order.maker_last_seen = timezone.now()
order.save()
if order.taker == request.user:
order.taker_last_seen = timezone.now()
order.save()
# Add activity status of participants based on last_seen
if order.taker_last_seen != None:
2022-10-20 09:56:10 +00:00
data["taker_status"] = Logics.user_activity_status(order.taker_last_seen)
if order.maker_last_seen != None:
2022-10-20 09:56:10 +00:00
data["maker_status"] = Logics.user_activity_status(order.maker_last_seen)
# 3.b) Non participants can view details (but only if PUB)
if not data["is_participant"] and order.status == Order.Status.PUB:
return Response(data, status=status.HTTP_200_OK)
# 4) If order is between public and WF2
2022-01-18 00:50:54 +00:00
if order.status >= Order.Status.PUB and order.status < Order.Status.WF2:
data["price_now"], data["premium_now"] = Logics.price_and_premium_now(order)
2022-02-17 19:50:10 +00:00
2022-10-20 09:56:10 +00:00
# 4. a) If maker and Public/Paused, add premium percentile
# num similar orders, and maker information to enable telegram notifications.
2022-10-20 09:56:10 +00:00
if data["is_maker"] and order.status in [
Order.Status.PUB,
Order.Status.PAU,
]:
2022-02-17 19:50:10 +00:00
data["premium_percentile"] = compute_premium_percentile(order)
data["num_similar_orders"] = len(
2022-10-20 09:56:10 +00:00
Order.objects.filter(
currency=order.currency, status=Order.Status.PUB
)
)
# Adds/generate telegram token and whether it is enabled
# Deprecated
2022-10-20 09:56:10 +00:00
data = {**data, **Telegram.get_context(request.user)}
2022-01-14 12:00:53 +00:00
2022-01-18 00:50:54 +00:00
# For participants add positions, nicks and status as a message and hold invoices status
2022-02-17 19:50:10 +00:00
data["is_buyer"] = Logics.is_buyer(order, request.user)
data["is_seller"] = Logics.is_seller(order, request.user)
data["taker_nick"] = str(order.taker)
data["status_message"] = Order.Status(order.status).label
data["is_fiat_sent"] = order.is_fiat_sent
data["is_disputed"] = order.is_disputed
data["ur_nick"] = request.user.username
2022-01-18 00:50:54 +00:00
# Add whether hold invoices are LOCKED (ACCEPTED)
# Is there a maker bond? If so, True if locked, False otherwise
if order.maker_bond:
data["maker_locked"] = order.maker_bond.status == LNPayment.Status.LOCKED
2022-01-18 00:50:54 +00:00
else:
2022-02-17 19:50:10 +00:00
data["maker_locked"] = False
2022-01-18 00:50:54 +00:00
# Is there a taker bond? If so, True if locked, False otherwise
if order.taker_bond:
data["taker_locked"] = order.taker_bond.status == LNPayment.Status.LOCKED
2022-01-18 00:50:54 +00:00
else:
2022-02-17 19:50:10 +00:00
data["taker_locked"] = False
2022-01-18 00:50:54 +00:00
# Is there an escrow? If so, True if locked, False otherwise
if order.trade_escrow:
data["escrow_locked"] = order.trade_escrow.status == LNPayment.Status.LOCKED
2022-01-18 00:50:54 +00:00
else:
2022-02-17 19:50:10 +00:00
data["escrow_locked"] = False
2022-01-18 00:50:54 +00:00
# If both bonds are locked, participants can see the final trade amount in sats.
2022-01-18 15:45:04 +00:00
if order.taker_bond:
2022-10-20 09:56:10 +00:00
if (
order.maker_bond.status
== order.taker_bond.status
== LNPayment.Status.LOCKED
):
2022-01-18 15:45:04 +00:00
# Seller sees the amount he sends
2022-02-17 19:50:10 +00:00
if data["is_seller"]:
2022-10-20 09:56:10 +00:00
data["trade_satoshis"] = Logics.escrow_amount(order, request.user)[
1
]["escrow_amount"]
2022-01-18 15:45:04 +00:00
# Buyer sees the amount he receives
2022-02-17 19:50:10 +00:00
elif data["is_buyer"]:
2022-10-20 09:56:10 +00:00
data["trade_satoshis"] = Logics.payout_amount(order, request.user)[
1
]["invoice_amount"]
2022-01-09 20:05:19 +00:00
# 5) If status is 'waiting for maker bond' and user is MAKER, reply with a MAKER hold invoice.
2022-02-17 19:50:10 +00:00
if order.status == Order.Status.WFB and data["is_maker"]:
2022-01-09 20:05:19 +00:00
valid, context = Logics.gen_maker_hold_invoice(order, request.user)
if valid:
data = {**data, **context}
else:
return Response(context, status.HTTP_400_BAD_REQUEST)
2022-02-17 19:50:10 +00:00
2022-01-09 20:05:19 +00:00
# 6) If status is 'waiting for taker bond' and user is TAKER, reply with a TAKER hold invoice.
2022-02-17 19:50:10 +00:00
elif order.status == Order.Status.TAK and data["is_taker"]:
2022-01-09 20:05:19 +00:00
valid, context = Logics.gen_taker_hold_invoice(order, request.user)
if valid:
data = {**data, **context}
else:
return Response(context, status.HTTP_400_BAD_REQUEST)
2022-02-17 19:50:10 +00:00
# 7 a. ) If seller and status is 'WF2' or 'WFE'
2022-10-20 09:56:10 +00:00
elif data["is_seller"] and (
order.status == Order.Status.WF2 or order.status == Order.Status.WFE
):
2022-01-09 20:05:19 +00:00
# If the two bonds are locked, reply with an ESCROW hold invoice.
2022-10-20 09:56:10 +00:00
if (
order.maker_bond.status
== order.taker_bond.status
== LNPayment.Status.LOCKED
):
valid, context = Logics.gen_escrow_hold_invoice(order, request.user)
2022-01-08 17:19:30 +00:00
if valid:
data = {**data, **context}
else:
return Response(context, status.HTTP_400_BAD_REQUEST)
2022-02-17 19:50:10 +00:00
# 7.b) If user is Buyer and status is 'WF2' or 'WFI'
2022-10-20 09:56:10 +00:00
elif data["is_buyer"] and (
order.status == Order.Status.WF2 or order.status == Order.Status.WFI
):
# If the two bonds are locked, reply with an AMOUNT and onchain swap cost so he can send the buyer invoice/address.
2022-10-20 09:56:10 +00:00
if (
order.maker_bond.status
== order.taker_bond.status
== LNPayment.Status.LOCKED
):
valid, context = Logics.payout_amount(order, request.user)
2022-01-08 17:19:30 +00:00
if valid:
data = {**data, **context}
else:
return Response(context, status.HTTP_400_BAD_REQUEST)
# 8) If status is 'CHA' or 'FSE' and all HTLCS are in LOCKED
2022-10-20 09:56:10 +00:00
elif order.status in [Order.Status.WFI, Order.Status.CHA, Order.Status.FSE]:
# If all bonds are locked.
2022-10-20 09:56:10 +00:00
if (
order.maker_bond.status
== order.taker_bond.status
== order.trade_escrow.status
== LNPayment.Status.LOCKED
):
2022-01-23 19:02:25 +00:00
# add whether a collaborative cancel is pending or has been asked
2022-02-17 19:50:10 +00:00
if (data["is_maker"] and order.taker_asked_cancel) or (
2022-10-20 09:56:10 +00:00
data["is_taker"] and order.maker_asked_cancel
):
2022-02-17 19:50:10 +00:00
data["pending_cancel"] = True
elif (data["is_maker"] and order.maker_asked_cancel) or (
2022-10-20 09:56:10 +00:00
data["is_taker"] and order.taker_asked_cancel
):
2022-02-17 19:50:10 +00:00
data["asked_for_cancel"] = True
2022-01-23 19:02:25 +00:00
else:
2022-02-17 19:50:10 +00:00
data["asked_for_cancel"] = False
2022-10-20 09:56:10 +00:00
offset = request.GET.get("offset", None)
if offset:
data["chat"] = ChatView.get(None, request).data
2022-01-09 21:24:48 +00:00
# 9) If status is 'DIS' and all HTLCS are in LOCKED
2022-01-23 19:02:25 +00:00
elif order.status == Order.Status.DIS:
# add whether the dispute statement has been received
2022-02-17 19:50:10 +00:00
if data["is_maker"]:
2022-10-20 09:56:10 +00:00
data["statement_submitted"] = (
order.maker_statement != None and order.maker_statement != ""
)
2022-02-17 19:50:10 +00:00
elif data["is_taker"]:
2022-10-20 09:56:10 +00:00
data["statement_submitted"] = (
order.taker_statement != None and order.taker_statement != ""
)
# 9) If status is 'Failed routing', reply with retry amounts, time of next retry and ask for invoice at third.
2022-10-20 09:56:10 +00:00
elif (
order.status == Order.Status.FAI and order.payout.receiver == request.user
): # might not be the buyer if after a dispute where winner wins
2022-02-17 19:50:10 +00:00
data["retries"] = order.payout.routing_attempts
data["next_retry_time"] = order.payout.last_routing_time + timedelta(
2022-10-20 09:56:10 +00:00
minutes=RETRY_TIME
)
if order.payout.failure_reason:
2022-10-20 09:56:10 +00:00
data["failure_reason"] = LNPayment.FailureReason(
order.payout.failure_reason
).label
if order.payout.status == LNPayment.Status.EXPIRE:
2022-02-17 19:50:10 +00:00
data["invoice_expired"] = True
# Add invoice amount once again if invoice was expired.
2022-10-20 09:56:10 +00:00
data["invoice_amount"] = Logics.payout_amount(order, request.user)[1][
"invoice_amount"
]
2022-02-17 19:50:10 +00:00
# 10) If status is 'Expired', "Sending", "Finished" or "failed routing", add info for renewal:
2022-10-20 09:56:10 +00:00
elif order.status in [
Order.Status.EXP,
Order.Status.SUC,
Order.Status.PAY,
Order.Status.FAI,
]:
data["public_duration"] = order.public_duration
data["bond_size"] = order.bond_size
data["bondless_taker"] = order.bondless_taker
2022-07-16 11:15:00 +00:00
# Adds trade summary
2022-10-20 09:56:10 +00:00
if order.status in [Order.Status.SUC, Order.Status.PAY, Order.Status.FAI]:
valid, context = Logics.summarize_trade(order, request.user)
if valid:
data = {**data, **context}
2022-07-16 11:15:00 +00:00
# If status is 'Expired' add expiry reason
if order.status == Order.Status.EXP:
data["expiry_reason"] = order.expiry_reason
data["expiry_message"] = Order.ExpiryReasons(order.expiry_reason).label
2022-06-16 15:31:30 +00:00
# If status is 'Succes' add final stats and txid if it is a swap
if order.status == Order.Status.SUC:
# If buyer and is a swap, add TXID
2022-10-20 09:56:10 +00:00
if Logics.is_buyer(order, request.user):
2022-06-16 15:31:30 +00:00
if order.is_swap:
data["num_satoshis"] = order.payout_tx.num_satoshis
data["sent_satoshis"] = order.payout_tx.sent_satoshis
2022-10-20 09:56:10 +00:00
if order.payout_tx.status in [
OnchainPayment.Status.MEMPO,
OnchainPayment.Status.CONFI,
]:
2022-06-16 15:31:30 +00:00
data["txid"] = order.payout_tx.txid
data["network"] = str(config("NETWORK"))
2022-06-16 15:31:30 +00:00
return Response(data, status.HTTP_200_OK)
@extend_schema(**OrderViewSchema.take_update_confirm_dispute_cancel)
2022-01-06 20:33:40 +00:00
def take_update_confirm_dispute_cancel(self, request, format=None):
2022-02-17 19:50:10 +00:00
"""
Here takes place all of the updates to the order object.
2022-01-06 22:39:59 +00:00
That is: take, confim, cancel, dispute, update_invoice or rate.
2022-02-17 19:50:10 +00:00
"""
order_id = request.GET.get(self.lookup_url_kwarg)
2022-01-06 20:33:40 +00:00
serializer = UpdateOrderSerializer(data=request.data)
2022-02-17 19:50:10 +00:00
if not serializer.is_valid():
return Response(status=status.HTTP_400_BAD_REQUEST)
order = Order.objects.get(id=order_id)
2022-02-17 19:50:10 +00:00
# action is either 1)'take', 2)'confirm', 3)'cancel', 4)'dispute' , 5)'update_invoice'
2022-06-06 17:57:04 +00:00
# 5.b)'update_address' 6)'submit_statement' (in dispute), 7)'rate_user' , 8)'rate_platform'
2022-02-17 19:50:10 +00:00
action = serializer.data.get("action")
invoice = serializer.data.get("invoice")
2022-06-06 17:57:04 +00:00
address = serializer.data.get("address")
2022-06-06 20:37:51 +00:00
mining_fee_rate = serializer.data.get("mining_fee_rate")
2022-02-17 19:50:10 +00:00
statement = serializer.data.get("statement")
rating = serializer.data.get("rating")
# 1) If action is take, it is a taker request!
2022-02-17 19:50:10 +00:00
if action == "take":
if order.status == Order.Status.PUB:
2022-10-20 09:56:10 +00:00
valid, context, _ = Logics.validate_already_maker_or_taker(request.user)
2022-02-17 19:50:10 +00:00
if not valid:
return Response(context, status=status.HTTP_409_CONFLICT)
# For order with amount range, set the amount now.
if order.has_range:
amount = float(serializer.data.get("amount"))
valid, context = Logics.validate_amount_within_range(order, amount)
if not valid:
return Response(context, status=status.HTTP_400_BAD_REQUEST)
valid, context = Logics.take(order, request.user, amount)
else:
valid, context = Logics.take(order, request.user)
2022-02-17 19:50:10 +00:00
if not valid:
return Response(context, status=status.HTTP_403_FORBIDDEN)
2022-01-10 12:10:32 +00:00
2022-01-14 14:19:25 +00:00
return self.get(request)
2022-02-17 19:50:10 +00:00
else:
Response(
{"bad_request": "This order is not public anymore."},
status.HTTP_400_BAD_REQUEST,
)
2022-01-06 20:33:40 +00:00
# Any other action is only allowed if the user is a participant
if not (order.maker == request.user or order.taker == request.user):
2022-02-17 19:50:10 +00:00
return Response(
{"bad_request": "You are not a participant in this order"},
status.HTTP_403_FORBIDDEN,
)
# 2) If action is 'update invoice'
2022-06-19 06:09:21 +00:00
elif action == "update_invoice":
2022-10-20 09:56:10 +00:00
valid, context = Logics.update_invoice(order, request.user, invoice)
2022-02-17 19:50:10 +00:00
if not valid:
return Response(context, status.HTTP_400_BAD_REQUEST)
2022-10-20 09:56:10 +00:00
# 2.b) If action is 'update address'
2022-06-19 06:09:21 +00:00
elif action == "update_address":
2022-10-20 09:56:10 +00:00
valid, context = Logics.update_address(
order, request.user, address, mining_fee_rate
)
2022-06-06 17:57:04 +00:00
if not valid:
return Response(context, status.HTTP_400_BAD_REQUEST)
2022-02-17 19:50:10 +00:00
2022-01-06 20:33:40 +00:00
# 3) If action is cancel
2022-02-17 19:50:10 +00:00
elif action == "cancel":
valid, context = Logics.cancel_order(order, request.user)
if not valid:
return Response(context, status.HTTP_400_BAD_REQUEST)
2022-01-06 20:33:40 +00:00
# 4) If action is confirm
2022-02-17 19:50:10 +00:00
elif action == "confirm":
valid, context = Logics.confirm_fiat(order, request.user)
if not valid:
return Response(context, status.HTTP_400_BAD_REQUEST)
2022-01-06 20:33:40 +00:00
# 5) If action is dispute
2022-02-17 19:50:10 +00:00
elif action == "dispute":
valid, context = Logics.open_dispute(order, request.user)
if not valid:
return Response(context, status.HTTP_400_BAD_REQUEST)
2022-02-17 19:50:10 +00:00
elif action == "submit_statement":
2022-10-20 09:56:10 +00:00
valid, context = Logics.dispute_statement(order, request.user, statement)
2022-02-17 19:50:10 +00:00
if not valid:
return Response(context, status.HTTP_400_BAD_REQUEST)
2022-01-06 20:33:40 +00:00
# 6) If action is rate
2022-02-17 19:50:10 +00:00
elif action == "rate_user" and rating:
2022-10-20 09:56:10 +00:00
valid, context = Logics.rate_counterparty(order, request.user, rating)
2022-02-17 19:50:10 +00:00
if not valid:
return Response(context, status.HTTP_400_BAD_REQUEST)
2022-01-06 20:33:40 +00:00
# 7) If action is rate_platform
2022-02-17 19:50:10 +00:00
elif action == "rate_platform" and rating:
valid, context = Logics.rate_platform(request.user, rating)
2022-02-17 19:50:10 +00:00
if not valid:
return Response(context, status.HTTP_400_BAD_REQUEST)
# 8) If action is rate_platform
elif action == "pause":
valid, context = Logics.pause_unpause_public_order(order, request.user)
if not valid:
return Response(context, status.HTTP_400_BAD_REQUEST)
# If nothing of the above... something else is going on. Probably not allowed!
else:
return Response(
2022-02-17 19:50:10 +00:00
{
2022-10-20 09:56:10 +00:00
"bad_request": "The Robotic Satoshis working in the warehouse did not understand you. "
+ "Please, fill a Bug Issue in Github https://github.com/reckless-satoshi/robosats/issues"
2022-02-17 19:50:10 +00:00
},
status.HTTP_501_NOT_IMPLEMENTED,
)
return self.get(request)
class UserView(APIView):
2022-10-20 09:56:10 +00:00
NickGen = NickGenerator(
lang="English", use_adv=False, use_adj=True, use_noun=True, max_num=999
)
serializer_class = UserGenSerializer
def post(self, request, format=None):
"""
Get a new user derived from a high entropy token
- Request has a hash of a high-entropy token
- Request includes pubKey and encrypted privKey
- Generates new nickname and avatar.
- Creates login credentials (new User object)
Response with Avatar, Nickname, pubKey, privKey.
"""
context = {}
serializer = self.serializer_class(data=request.data)
2022-10-20 09:56:10 +00:00
# Return bad request if serializer is not valid
if not serializer.is_valid():
context = {"bad_request": "Invalid serializer"}
return Response(context, status=status.HTTP_400_BAD_REQUEST)
# If an existing user opens the main page by mistake, we do not want it to create a new nickname/profile for him
if request.user.is_authenticated:
context = {"nickname": request.user.username}
not_participant, _, order = Logics.validate_already_maker_or_taker(
2022-10-20 09:56:10 +00:00
request.user
)
# Does not allow this 'mistake' if an active order
if not not_participant:
context["active_order_id"] = order.id
2022-10-20 09:56:10 +00:00
context[
"bad_request"
] = f"You are already logged in as {request.user} and have an active order"
return Response(context, status.HTTP_400_BAD_REQUEST)
# The new way. The token is never sent. Only its SHA256
token_sha256 = serializer.data.get("token_sha256")
public_key = serializer.data.get("public_key")
encrypted_private_key = serializer.data.get("encrypted_private_key")
ref_code = serializer.data.get("ref_code")
2022-10-20 09:56:10 +00:00
if not public_key or not encrypted_private_key:
context["bad_request"] = "Must provide valid 'pub' and 'enc_priv' PGP keys"
return Response(context, status.HTTP_400_BAD_REQUEST)
2022-10-20 09:56:10 +00:00
(
valid,
bad_keys_context,
public_key,
encrypted_private_key,
) = Logics.validate_pgp_keys(public_key, encrypted_private_key)
if not valid:
return Response(bad_keys_context, status.HTTP_400_BAD_REQUEST)
2022-10-20 09:56:10 +00:00
# Now the server only receives a hash of the token. So server trusts the client
# with computing length, counts and unique_values to confirm the high entropy of the token
# In any case, it is up to the client if they want to create a bad high entropy token.
# Submitting the three params needed to compute token entropy is not mandatory
# If not submitted, avatars can be created with garbage entropy token. Frontend will always submit them.
try:
unique_values = serializer.data.get("unique_values")
counts = serializer.data.get("counts")
length = serializer.data.get("length")
shannon_entropy = entropy(counts, base=62)
bits_entropy = log2(unique_values**length)
# Payload
context = {
"token_shannon_entropy": shannon_entropy,
"token_bits_entropy": bits_entropy,
}
# Deny user gen if entropy below 128 bits or 0.7 shannon heterogeneity
if bits_entropy < 128 or shannon_entropy < 0.7:
context["bad_request"] = "The token does not have enough entropy"
return Response(context, status=status.HTTP_400_BAD_REQUEST)
except:
pass
2022-05-26 21:16:02 +00:00
# Hash the token_sha256, only 1 iteration. (this is the second SHA256 of the user token, aka RoboSats ID)
2022-10-20 09:56:10 +00:00
hash = hashlib.sha256(token_sha256.encode("utf-8")).hexdigest()
2022-01-18 17:52:48 +00:00
# Generate nickname deterministically
2022-02-17 19:50:10 +00:00
nickname = self.NickGen.short_from_SHA256(hash, max_length=18)[0]
context["nickname"] = nickname
# Generate avatar
rh = Robohash(hash)
2022-02-17 19:50:10 +00:00
rh.assemble(roboset="set1", bgset="any") # for backgrounds ON
# Does not replace image if existing (avoid re-avatar in case of nick collusion)
2022-02-17 19:50:10 +00:00
image_path = avatar_path.joinpath(nickname + ".png")
if not image_path.exists():
with open(image_path, "wb") as f:
2022-07-13 20:40:58 +00:00
rh.img.save(f, format="png", optimize=True)
2022-01-18 17:52:48 +00:00
# Create new credentials and login if nickname is new
if len(User.objects.filter(username=nickname)) == 0:
2022-10-20 09:56:10 +00:00
User.objects.create_user(
username=nickname, password=token_sha256, is_staff=False
)
user = authenticate(request, username=nickname, password=token_sha256)
login(request, user)
2022-10-20 09:56:10 +00:00
context["referral_code"] = token_urlsafe(8)
user.profile.referral_code = context["referral_code"]
user.profile.avatar = "static/assets/avatars/" + nickname + ".png"
2022-10-20 09:56:10 +00:00
# Noticed some PGP keys replaced at re-login. Should not happen.
# Let's implement this sanity check "If profile has not keys..."
if not user.profile.public_key:
user.profile.public_key = public_key
if not user.profile.encrypted_private_key:
user.profile.encrypted_private_key = encrypted_private_key
2022-03-06 11:45:06 +00:00
# If the ref_code was created by another robot, this robot was referred.
queryset = Profile.objects.filter(referral_code=ref_code)
if len(queryset) == 1:
user.profile.is_referred = True
2022-03-06 11:45:06 +00:00
user.profile.referred_by = queryset[0]
user.profile.save()
context["public_key"] = user.profile.public_key
context["encrypted_private_key"] = user.profile.encrypted_private_key
context["wants_stealth"] = user.profile.wants_stealth
return Response(context, status=status.HTTP_201_CREATED)
# log in user and return pub/priv keys if existing
else:
user = authenticate(request, username=nickname, password=token_sha256)
if user is not None:
login(request, user)
context["public_key"] = user.profile.public_key
context["encrypted_private_key"] = user.profile.encrypted_private_key
context["earned_rewards"] = user.profile.earned_rewards
context["referral_code"] = str(user.profile.referral_code)
context["wants_stealth"] = user.profile.wants_stealth
# Adds/generate telegram token and whether it is enabled
2022-10-20 09:56:10 +00:00
context = {**context, **Telegram.get_context(user)}
# return active order or last made order if any
2022-10-20 09:56:10 +00:00
has_no_active_order, _, order = Logics.validate_already_maker_or_taker(
request.user
)
if not has_no_active_order:
context["active_order_id"] = order.id
else:
2022-10-20 09:56:10 +00:00
last_order = Order.objects.filter(
Q(maker=request.user) | Q(taker=request.user)
).last()
if last_order:
context["last_order_id"] = last_order.id
2022-10-20 09:56:10 +00:00
# Sends the welcome back message, only if created +3 mins ago
if request.user.date_joined < (timezone.now() - timedelta(minutes=3)):
context["found"] = "We found your Robot avatar. Welcome back!"
return Response(context, status=status.HTTP_202_ACCEPTED)
else:
# It is unlikely, but maybe the nickname is taken (1 in 20 Billion chance)
2022-02-17 19:50:10 +00:00
context["found"] = "Bad luck, this nickname is taken"
context["bad_request"] = "Enter a different token"
return Response(context, status.HTTP_403_FORBIDDEN)
@extend_schema(**UserViewSchema.delete)
2022-02-17 19:50:10 +00:00
def delete(self, request):
"""Pressing "give me another" deletes the logged in user"""
user = request.user
if not user.is_authenticated:
return Response(status.HTTP_403_FORBIDDEN)
# Only delete if user life is shorter than 30 minutes. Helps to avoid deleting users by mistake
if user.date_joined < (timezone.now() - timedelta(minutes=30)):
return Response(status.HTTP_400_BAD_REQUEST)
# Check if it is not a maker or taker!
not_participant, _, _ = Logics.validate_already_maker_or_taker(user)
if not not_participant:
2022-02-17 19:50:10 +00:00
return Response(
{
2022-10-20 09:56:10 +00:00
"bad_request": "Maybe a mistake? User cannot be deleted while he is part of an order"
2022-02-17 19:50:10 +00:00
},
status.HTTP_400_BAD_REQUEST,
)
# Check if has already a profile with
if user.profile.total_contracts > 0:
2022-02-17 19:50:10 +00:00
return Response(
{
2022-10-20 09:56:10 +00:00
"bad_request": "Maybe a mistake? User cannot be deleted as it has completed trades"
2022-02-17 19:50:10 +00:00
},
status.HTTP_400_BAD_REQUEST,
)
logout(request)
user.delete()
2022-02-17 19:50:10 +00:00
return Response(
{"user_deleted": "User deleted permanently"},
status.HTTP_301_MOVED_PERMANENTLY,
)
class BookView(ListAPIView):
serializer_class = OrderPublicSerializer
2022-02-17 19:50:10 +00:00
queryset = Order.objects.filter(status=Order.Status.PUB)
@extend_schema(**BookViewSchema.get)
2022-02-17 19:50:10 +00:00
def get(self, request, format=None):
currency = request.GET.get("currency", 0)
type = request.GET.get("type", 2)
queryset = Order.objects.filter(status=Order.Status.PUB)
# Currency 0 and type 2 are special cases treated as "ANY". (These are not really possible choices)
if int(currency) == 0 and int(type) != 2:
2022-02-17 19:50:10 +00:00
queryset = Order.objects.filter(type=type, status=Order.Status.PUB)
elif int(type) == 2 and int(currency) != 0:
2022-10-20 09:56:10 +00:00
queryset = Order.objects.filter(currency=currency, status=Order.Status.PUB)
elif not (int(currency) == 0 and int(type) == 2):
2022-10-20 09:56:10 +00:00
queryset = Order.objects.filter(
currency=currency, type=type, status=Order.Status.PUB
)
2022-01-09 21:24:48 +00:00
2022-02-17 19:50:10 +00:00
if len(queryset) == 0:
return Response(
{"not_found": "No orders found, be the first to make one"},
status=status.HTTP_404_NOT_FOUND,
)
book_data = []
for order in queryset:
data = ListOrderSerializer(order).data
2022-02-17 19:50:10 +00:00
data["maker_nick"] = str(order.maker)
2022-09-10 13:51:15 +00:00
data["satoshis_now"] = Logics.satoshis_now(order)
2022-01-10 01:12:58 +00:00
# Compute current premium for those orders that are explicitly priced.
2022-10-20 09:56:10 +00:00
data["price"], data["premium"] = Logics.price_and_premium_now(order)
data["maker_status"] = Logics.user_activity_status(order.maker_last_seen)
for key in (
"status",
"taker",
): # Non participants should not see the status or who is the taker
del data[key]
2022-02-17 19:50:10 +00:00
book_data.append(data)
2022-02-17 19:50:10 +00:00
return Response(book_data, status=status.HTTP_200_OK)
class InfoView(ListAPIView):
serializer_class = InfoSerializer
@extend_schema(**InfoViewSchema.get)
2022-01-09 01:23:13 +00:00
def get(self, request):
context = {}
2022-02-17 19:50:10 +00:00
context["num_public_buy_orders"] = len(
2022-10-20 09:56:10 +00:00
Order.objects.filter(type=Order.Types.BUY, status=Order.Status.PUB)
)
2022-02-17 19:50:10 +00:00
context["num_public_sell_orders"] = len(
2022-10-20 09:56:10 +00:00
Order.objects.filter(type=Order.Types.SELL, status=Order.Status.PUB)
)
context["book_liquidity"] = Order.objects.filter(
status=Order.Status.PUB
).aggregate(Sum("last_satoshis"))["last_satoshis__sum"]
context["book_liquidity"] = (
0 if context["book_liquidity"] == None else context["book_liquidity"]
)
# Number of active users (logged in in last 30 minutes)
today = datetime.today()
2022-02-17 19:50:10 +00:00
context["active_robots_today"] = len(
2022-10-20 09:56:10 +00:00
User.objects.filter(last_login__day=today.day)
)
2022-01-18 17:52:48 +00:00
# Compute average premium and volume of today
2022-03-13 12:00:21 +00:00
last_day = timezone.now() - timedelta(days=1)
queryset = MarketTick.objects.filter(timestamp__gt=last_day)
if not len(queryset) == 0:
avg_premium, total_volume = compute_avg_premium(queryset)
# If no contracts, fallback to lifetime avg premium
else:
queryset = MarketTick.objects.all()
2022-03-13 12:00:21 +00:00
avg_premium, _ = compute_avg_premium(queryset)
total_volume = 0
queryset = MarketTick.objects.all()
if not len(queryset) == 0:
volume_contracted = []
for tick in queryset:
volume_contracted.append(tick.volume)
lifetime_volume = sum(volume_contracted)
else:
lifetime_volume = 0
2022-03-13 12:00:21 +00:00
context["last_day_nonkyc_btc_premium"] = round(avg_premium, 2)
context["last_day_volume"] = round(total_volume, 8)
context["lifetime_volume"] = round(lifetime_volume, 8)
2022-02-17 19:50:10 +00:00
context["lnd_version"] = get_lnd_version()
context["robosats_running_commit_hash"] = get_robosats_commit()
context["version"] = get_robosats_version()
2022-02-17 19:50:10 +00:00
context["alternative_site"] = config("ALTERNATIVE_SITE")
context["alternative_name"] = config("ALTERNATIVE_NAME")
context["node_alias"] = config("NODE_ALIAS")
context["node_id"] = config("NODE_ID")
context["network"] = config("NETWORK")
2022-10-20 09:56:10 +00:00
context["maker_fee"] = float(config("FEE")) * float(config("MAKER_FEE_SPLIT"))
context["taker_fee"] = float(config("FEE")) * (
1 - float(config("MAKER_FEE_SPLIT"))
)
2022-03-18 22:09:38 +00:00
context["bond_size"] = float(config("DEFAULT_BOND_SIZE"))
2022-10-20 09:56:10 +00:00
context["current_swap_fee_rate"] = Logics.compute_swap_fee_rate(
BalanceLog.objects.latest("time")
)
if request.user.is_authenticated:
2022-02-17 19:50:10 +00:00
context["nickname"] = request.user.username
context["referral_code"] = str(request.user.profile.referral_code)
context["earned_rewards"] = request.user.profile.earned_rewards
context["wants_stealth"] = request.user.profile.wants_stealth
# Adds/generate telegram token and whether it is enabled
2022-10-20 09:56:10 +00:00
context = {**context, **Telegram.get_context(request.user)}
2022-02-17 19:50:10 +00:00
has_no_active_order, _, order = Logics.validate_already_maker_or_taker(
2022-10-20 09:56:10 +00:00
request.user
)
if not has_no_active_order:
2022-02-17 19:50:10 +00:00
context["active_order_id"] = order.id
else:
2022-10-20 09:56:10 +00:00
last_order = Order.objects.filter(
Q(maker=request.user) | Q(taker=request.user)
).last()
if last_order:
context["last_order_id"] = last_order.id
return Response(context, status.HTTP_200_OK)
class RewardView(CreateAPIView):
serializer_class = ClaimRewardSerializer
@extend_schema(**RewardViewSchema.post)
def post(self, request):
serializer = self.serializer_class(data=request.data)
if not request.user.is_authenticated:
return Response(
2022-10-20 09:56:10 +00:00
{"bad_request": "Woops! It seems you do not have a robot avatar"},
status.HTTP_400_BAD_REQUEST,
)
if not serializer.is_valid():
return Response(status=status.HTTP_400_BAD_REQUEST)
invoice = serializer.data.get("invoice")
valid, context = Logics.withdraw_rewards(request.user, invoice)
if not valid:
2022-10-20 09:56:10 +00:00
context["successful_withdrawal"] = False
return Response(context, status.HTTP_400_BAD_REQUEST)
return Response({"successful_withdrawal": True}, status.HTTP_200_OK)
class PriceView(ListAPIView):
serializer_class = PriceSerializer
@extend_schema(**PriceViewSchema.get)
def get(self, request):
payload = {}
2022-10-20 09:56:10 +00:00
queryset = Currency.objects.all().order_by("currency")
for currency in queryset:
code = Currency.currency_dict[str(currency.currency)]
try:
2022-10-20 09:56:10 +00:00
last_tick = MarketTick.objects.filter(currency=currency).latest(
"timestamp"
)
payload[code] = {
2022-10-20 09:56:10 +00:00
"price": last_tick.price,
"volume": last_tick.volume,
"premium": last_tick.premium,
"timestamp": last_tick.timestamp,
}
except:
payload[code] = None
2022-03-20 23:46:36 +00:00
return Response(payload, status.HTTP_200_OK)
class TickView(ListAPIView):
queryset = MarketTick.objects.all()
serializer_class = TickSerializer
@extend_schema(**TickViewSchema.get)
def get(self, request):
2022-10-20 09:56:10 +00:00
data = self.serializer_class(
self.queryset.all(), many=True, read_only=True
).data
return Response(data, status=status.HTTP_200_OK)
2022-03-20 23:46:36 +00:00
class LimitView(ListAPIView):
@extend_schema(**LimitViewSchema.get)
2022-03-20 23:46:36 +00:00
def get(self, request):
2022-10-20 09:56:10 +00:00
2022-03-20 23:46:36 +00:00
# Trade limits as BTC
2022-10-20 09:56:10 +00:00
min_trade = float(config("MIN_TRADE")) / 100000000
max_trade = float(config("MAX_TRADE")) / 100000000
max_bondless_trade = float(config("MAX_TRADE_BONDLESS_TAKER")) / 100000000
2022-03-20 23:46:36 +00:00
payload = {}
2022-10-20 09:56:10 +00:00
queryset = Currency.objects.all().order_by("currency")
2022-03-20 23:46:36 +00:00
for currency in queryset:
code = Currency.currency_dict[str(currency.currency)]
exchange_rate = float(currency.exchange_rate)
payload[currency.currency] = {
2022-10-20 09:56:10 +00:00
"code": code,
"price": exchange_rate,
"min_amount": min_trade * exchange_rate,
"max_amount": max_trade * exchange_rate,
"max_bondless_amount": max_bondless_trade * exchange_rate,
2022-03-20 23:46:36 +00:00
}
return Response(payload, status.HTTP_200_OK)
class HistoricalView(ListAPIView):
@extend_schema(**HistoricalViewSchema.get)
def get(self, request):
payload = {}
2022-10-20 09:56:10 +00:00
queryset = AccountingDay.objects.all().order_by("day")
for accounting_day in queryset:
payload[str(accounting_day.day)] = {
2022-10-20 09:56:10 +00:00
"volume": accounting_day.contracted,
"num_contracts": accounting_day.num_contracts,
}
return Response(payload, status.HTTP_200_OK)
class StealthView(UpdateAPIView):
serializer_class = StealthSerializer
2022-10-20 09:56:10 +00:00
@extend_schema(**StealthViewSchema.put)
def put(self, request):
serializer = self.serializer_class(data=request.data)
if not request.user.is_authenticated:
return Response(
2022-10-20 09:56:10 +00:00
{"bad_request": "Woops! It seems you do not have a robot avatar"},
status.HTTP_400_BAD_REQUEST,
)
if not serializer.is_valid():
return Response(status=status.HTTP_400_BAD_REQUEST)
stealth = serializer.data.get("wantsStealth")
request.user.profile.wants_stealth = stealth
request.user.profile.save()
return Response({"wantsStealth": stealth})